Bypass obfuscation for safe sources
parent
38b712ac9a
commit
ba3124bd69
|
@ -351,6 +351,7 @@ def query_results(
|
||||||
return {"message": message, "class": message_class}
|
return {"message": message, "class": message_class}
|
||||||
else:
|
else:
|
||||||
size = 20
|
size = 20
|
||||||
|
source = None
|
||||||
if "source" in query_params:
|
if "source" in query_params:
|
||||||
source = query_params["source"]
|
source = query_params["source"]
|
||||||
if source not in settings.OPENSEARCH_MAIN_SOURCES:
|
if source not in settings.OPENSEARCH_MAIN_SOURCES:
|
||||||
|
@ -378,20 +379,26 @@ def query_results(
|
||||||
|
|
||||||
if date_query:
|
if date_query:
|
||||||
if settings.DELAY_RESULTS:
|
if settings.DELAY_RESULTS:
|
||||||
|
if source not in settings.SAFE_SOURCES:
|
||||||
if request.user.has_perm("core.bypass_delay"):
|
if request.user.has_perm("core.bypass_delay"):
|
||||||
add_top.append(range_query)
|
add_top.append(range_query)
|
||||||
else:
|
else:
|
||||||
delay_as_ts = datetime.now() - timedelta(days=settings.DELAY_DURATION)
|
delay_as_ts = datetime.now() - timedelta(
|
||||||
|
days=settings.DELAY_DURATION
|
||||||
|
)
|
||||||
lt_as_ts = datetime.strptime(
|
lt_as_ts = datetime.strptime(
|
||||||
range_query["range"]["ts"]["lt"], "%Y-%m-%dT%H:%MZ"
|
range_query["range"]["ts"]["lt"], "%Y-%m-%dT%H:%MZ"
|
||||||
)
|
)
|
||||||
if lt_as_ts > delay_as_ts:
|
if lt_as_ts > delay_as_ts:
|
||||||
range_query["range"]["ts"]["lt"] = f"now-{settings.DELAY_DURATION}d"
|
range_query["range"]["ts"][
|
||||||
|
"lt"
|
||||||
|
] = f"now-{settings.DELAY_DURATION}d"
|
||||||
add_top.append(range_query)
|
add_top.append(range_query)
|
||||||
else:
|
else:
|
||||||
add_top.append(range_query)
|
add_top.append(range_query)
|
||||||
else:
|
else:
|
||||||
if settings.DELAY_RESULTS:
|
if settings.DELAY_RESULTS:
|
||||||
|
if source not in settings.SAFE_SOURCES:
|
||||||
if not request.user.has_perm("core.bypass_delay"):
|
if not request.user.has_perm("core.bypass_delay"):
|
||||||
range_query = {
|
range_query = {
|
||||||
"range": {
|
"range": {
|
||||||
|
@ -571,6 +578,7 @@ def query_results(
|
||||||
dedup_fields = ["msg", "nick", "ident", "host", "net", "channel"]
|
dedup_fields = ["msg", "nick", "ident", "host", "net", "channel"]
|
||||||
results_parsed = dedup_list(results_parsed, dedup_fields)
|
results_parsed = dedup_list(results_parsed, dedup_fields)
|
||||||
|
|
||||||
|
if source not in settings.SAFE_SOURCES:
|
||||||
if settings.ENCRYPTION:
|
if settings.ENCRYPTION:
|
||||||
encrypt_list(request.user, results_parsed, settings.ENCRYPTION_KEY)
|
encrypt_list(request.user, results_parsed, settings.ENCRYPTION_KEY)
|
||||||
|
|
||||||
|
@ -596,9 +604,11 @@ def query_results(
|
||||||
if query:
|
if query:
|
||||||
context["query"] = query
|
context["query"] = query
|
||||||
if settings.DELAY_RESULTS:
|
if settings.DELAY_RESULTS:
|
||||||
|
if source not in settings.SAFE_SOURCES:
|
||||||
if not request.user.has_perm("core.bypass_delay"):
|
if not request.user.has_perm("core.bypass_delay"):
|
||||||
context["delay"] = settings.DELAY_DURATION
|
context["delay"] = settings.DELAY_DURATION
|
||||||
if settings.RANDOMISATION:
|
if settings.RANDOMISATION:
|
||||||
|
if source not in settings.SAFE_SOURCES:
|
||||||
if not request.user.has_perm("core.bypass_randomisation"):
|
if not request.user.has_perm("core.bypass_randomisation"):
|
||||||
context["randomised"] = True
|
context["randomised"] = True
|
||||||
return context
|
return context
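Review bot: In the `if date_query:` / `if settings.DELAY_RESULTS:` branch, the new `if source not in settings.SAFE_SOURCES:` guard appears to wrap both existing `add_top.append(range_query)` calls, and the hunk adds no branch for the safe-source case (indentation is lost in this rendering, so this is inferred from the line counts). If so, a date range requested on a safe source is silently dropped whenever delays are enabled. Folding the test into the existing permission check keeps a single append path: `if source in settings.SAFE_SOURCES or request.user.has_perm("core.bypass_delay"):` followed by `add_top.append(range_query)`. The same membership test also switches off `encrypt_list` and the delay/randomisation context in the later hunks, so it is worth confirming that the value which passes the `settings.OPENSEARCH_MAIN_SOURCES` check is the only thing that selects which data is searched. The body of `query_results` starts and ends outside these hunks.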
|
||||||
|
|
|
@ -72,7 +72,7 @@
|
||||||
<div class="is-active" data-content="1">
|
<div class="is-active" data-content="1">
|
||||||
<h4 class="subtitle is-4">Scrollback of {{ channel }} on {{ net }}{{ num }}</h4>
|
<h4 class="subtitle is-4">Scrollback of {{ channel }} on {{ net }}{{ num }}</h4>
|
||||||
{% include 'modals/context_table.html' %}
|
{% include 'modals/context_table.html' %}
|
||||||
{% if user.is_superuser and src == 'irc' %}
|
{% if user.is_superuser and source == 'irc' %}
|
||||||
<form method="PUT">
|
<form method="PUT">
|
||||||
<article class="field has-addons">
|
<article class="field has-addons">
|
||||||
<article class="control is-expanded has-icons-left">
|
<article class="control is-expanded has-icons-left">
|
||||||
|
|
|
@ -102,7 +102,7 @@
|
||||||
<i class="fa-solid fa-circle"></i>
|
<i class="fa-solid fa-circle"></i>
|
||||||
</span>
|
</span>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.src == 'irc' %}
|
{% if item.source == 'irc' %}
|
||||||
<a
|
<a
|
||||||
hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
|
hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'
|
||||||
hx-post="{% url 'modal_drilldown' %}"
|
hx-post="{% url 'modal_drilldown' %}"
|
||||||
|
@ -156,7 +156,7 @@
|
||||||
hx-post="{% url 'modal_context_table' %}"
|
hx-post="{% url 'modal_context_table' %}"
|
||||||
hx-vals='{"net": "{{ net }}",
|
hx-vals='{"net": "{{ net }}",
|
||||||
"num": "{{ num }}",
|
"num": "{{ num }}",
|
||||||
"src": "{{ src }}",
|
"source": "{{ source }}",
|
||||||
"channel": "{{ channel }}",
|
"channel": "{{ channel }}",
|
||||||
"time": "{{ time }}",
|
"time": "{{ time }}",
|
||||||
"date": "{{ date }}",
|
"date": "{{ date }}",
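Review bot: `{% if item.source == 'irc' %}` now reads a `source` attribute from each result item, but another template hunk in this commit still reads the field as `row.cells.src`, and `hash_lookup` gains a fallback for a `src` key. Both suggest the stored documents keep the name `src`. If that is the case, this condition evaluates false without any error and the link that posts to `modal_drilldown` disappears for IRC rows; keeping `{% if item.src == 'irc' %}` here, or normalising the field once in the view, would avoid that. Separately, `"source": "{{ source }}"` goes into the `hx-vals` JSON without `|escapejs`, unlike the `row.cells` values in the other template.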
|
||||||
|
|
|
@ -245,7 +245,7 @@
|
||||||
hx-post="{% url 'modal_context' %}"
|
hx-post="{% url 'modal_context' %}"
|
||||||
hx-vals='{"net": "{{ row.cells.net|escapejs }}",
|
hx-vals='{"net": "{{ row.cells.net|escapejs }}",
|
||||||
"num": "{{ row.cells.num|escapejs }}",
|
"num": "{{ row.cells.num|escapejs }}",
|
||||||
"src": "{{ row.cells.src|escapejs }}",
|
"source": "{{ row.cells.src|escapejs }}",
|
||||||
"channel": "{{ row.cells.channel|escapejs }}",
|
"channel": "{{ row.cells.channel|escapejs }}",
|
||||||
"time": "{{ row.cells.time|escapejs }}",
|
"time": "{{ row.cells.time|escapejs }}",
|
||||||
"date": "{{ row.cells.date|escapejs }}",
|
"date": "{{ row.cells.date|escapejs }}",
|
||||||
|
@ -256,7 +256,7 @@
|
||||||
"dedup": "{{ params.dedup }}"}'
|
"dedup": "{{ params.dedup }}"}'
|
||||||
hx-target="#modals-here"
|
hx-target="#modals-here"
|
||||||
hx-trigger="click"
|
hx-trigger="click"
|
||||||
href="/?modal=context&net={{row.cells.net|escapejs}}&num={{row.cells.num|escapejs}}&src={{row.cells.src|escapejs}}&channel={{row.cells.channel|urlsafe}}&time={{row.cells.time|escapejs}}&date={{row.cells.date|escapejs}}&index={{params.index}}&type={{row.cells.type}}&mtype={{row.cells.mtype}}&nick={{row.cells.mtype|escapejs}}">
|
href="/?modal=context&net={{row.cells.net|escapejs}}&num={{row.cells.num|escapejs}}&source={{row.cells.src|escapejs}}&channel={{row.cells.channel|urlsafe}}&time={{row.cells.time|escapejs}}&date={{row.cells.date|escapejs}}&index={{params.index}}&type={{row.cells.type}}&mtype={{row.cells.mtype}}&nick={{row.cells.mtype|escapejs}}">
|
||||||
{{ row.cells.msg }}
|
{{ row.cells.msg }}
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
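Review bot: The `href` fallback builds its query-string values with `|escapejs`, which escapes for a JavaScript string literal and does not percent-encode, so a value containing `&`, `#` or a space will not round-trip to the view. `|urlencode` is the filter that matches this context, for example `&source={{ row.cells.src|urlencode }}`. The same line ends with `&nick={{row.cells.mtype|escapejs}}`, which sends the message type as the nick and looks like a copy-paste slip (presumably `row.cells.nick` was intended). `type` and `mtype` are emitted with no filter at all.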
|
||||||
|
|
|
@ -216,10 +216,12 @@ def hash_lookup(user, data_dict, supplementary_data=None):
|
||||||
hash_list = SortedSet()
|
hash_list = SortedSet()
|
||||||
denied = []
|
denied = []
|
||||||
for key, value in list(data_dict.items()):
|
for key, value in list(data_dict.items()):
|
||||||
print("DATA DICT", data_dict)
|
|
||||||
if "source" in data_dict:
|
if "source" in data_dict:
|
||||||
if data_dict["source"] in settings.SAFE_SOURCES:
|
if data_dict["source"] in settings.SAFE_SOURCES:
|
||||||
continue
|
continue
|
||||||
|
if "src" in data_dict:
|
||||||
|
if data_dict["src"] in settings.SAFE_SOURCES:
|
||||||
|
continue
|
||||||
if supplementary_data:
|
if supplementary_data:
|
||||||
if "source" in supplementary_data:
|
if "source" in supplementary_data:
|
||||||
if supplementary_data["source"] in settings.SAFE_SOURCES:
|
if supplementary_data["source"] in settings.SAFE_SOURCES:
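Review bot: The added `if "src" in data_dict:` test sits inside `for key, value in list(data_dict.items()):` but does not depend on `key`, so every key is skipped as soon as either `source` or `src` names a safe source. `DrilldownContextModal` passes a copy of `request.data` here, so both keys are client-supplied and can disagree with the `source` value the view itself checks. Resolving the source once before the loop, with the validated key taking precedence, removes that ambiguity: `source = data_dict.get("source", data_dict.get("src"))`, then a single `source in settings.SAFE_SOURCES` test. Better still, have the caller pass the source it already validated. The body of `hash_lookup` continues outside this hunk.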
|
||||||
|
|
|
@ -292,7 +292,16 @@ class DrilldownContextModal(APIView):
|
||||||
nicks_sensitive = None
|
nicks_sensitive = None
|
||||||
query = False
|
query = False
|
||||||
# Create the query params from the POST arguments
|
# Create the query params from the POST arguments
|
||||||
mandatory = ["net", "channel", "num", "src", "index", "nick", "type", "mtype"]
|
mandatory = [
|
||||||
|
"net",
|
||||||
|
"channel",
|
||||||
|
"num",
|
||||||
|
"source",
|
||||||
|
"index",
|
||||||
|
"nick",
|
||||||
|
"type",
|
||||||
|
"mtype",
|
||||||
|
]
|
||||||
invalid = [None, False, "—", "None"]
|
invalid = [None, False, "—", "None"]
|
||||||
|
|
||||||
query_params = {k: v for k, v in request.data.items() if v}
|
query_params = {k: v for k, v in request.data.items() if v}
|
||||||
|
@ -306,8 +315,11 @@ class DrilldownContextModal(APIView):
|
||||||
|
|
||||||
# Lookup the hash values but don't disclose them to the user
|
# Lookup the hash values but don't disclose them to the user
|
||||||
if settings.HASHING:
|
if settings.HASHING:
|
||||||
|
if query_params["source"] not in settings.SAFE_SOURCES:
|
||||||
SAFE_PARAMS = deepcopy(query_params)
|
SAFE_PARAMS = deepcopy(query_params)
|
||||||
hash_lookup(request.user, SAFE_PARAMS)
|
hash_lookup(request.user, SAFE_PARAMS)
|
||||||
|
else:
|
||||||
|
SAFE_PARAMS = deepcopy(query_params)
|
||||||
else:
|
else:
|
||||||
SAFE_PARAMS = query_params
|
SAFE_PARAMS = query_params
|
||||||
|
|
||||||
|
@ -346,7 +358,7 @@ class DrilldownContextModal(APIView):
|
||||||
SAFE_PARAMS["sorting"] = "desc"
|
SAFE_PARAMS["sorting"] = "desc"
|
||||||
|
|
||||||
annotate = False
|
annotate = False
|
||||||
if query_params["src"] == "irc":
|
if query_params["source"] == "irc":
|
||||||
if query_params["type"] not in ["znc", "auth"]:
|
if query_params["type"] not in ["znc", "auth"]:
|
||||||
annotate = True
|
annotate = True
|
||||||
# Create the query with the context helper
|
# Create the query with the context helper
|
||||||
|
@ -354,7 +366,7 @@ class DrilldownContextModal(APIView):
|
||||||
query_params["index"],
|
query_params["index"],
|
||||||
SAFE_PARAMS["net"],
|
SAFE_PARAMS["net"],
|
||||||
SAFE_PARAMS["channel"],
|
SAFE_PARAMS["channel"],
|
||||||
query_params["src"],
|
query_params["source"],
|
||||||
SAFE_PARAMS["num"],
|
SAFE_PARAMS["num"],
|
||||||
size,
|
size,
|
||||||
type=type,
|
type=type,
|
||||||
|
@ -374,13 +386,13 @@ class DrilldownContextModal(APIView):
|
||||||
return render(request, self.template_name, results)
|
return render(request, self.template_name, results)
|
||||||
|
|
||||||
if settings.HASHING: # we probably want to see the tokens
|
if settings.HASHING: # we probably want to see the tokens
|
||||||
if query_params["src"] not in settings.SAFE_SOURCES:
|
if query_params["source"] not in settings.SAFE_SOURCES:
|
||||||
if not request.user.has_perm("core.bypass_hashing"):
|
if not request.user.has_perm("core.bypass_hashing"):
|
||||||
for index, item in enumerate(results["object_list"]):
|
for index, item in enumerate(results["object_list"]):
|
||||||
if "tokens" in item:
|
if "tokens" in item:
|
||||||
results["object_list"][index]["msg"] = results["object_list"][
|
results["object_list"][index]["msg"] = results[
|
||||||
index
|
"object_list"
|
||||||
].pop("tokens")
|
][index].pop("tokens")
|
||||||
# item["msg"] = item.pop("tokens")
|
# item["msg"] = item.pop("tokens")
|
||||||
|
|
||||||
# Make the time nicer
|
# Make the time nicer
|
||||||
|
@ -390,7 +402,7 @@ class DrilldownContextModal(APIView):
|
||||||
context = {
|
context = {
|
||||||
"net": query_params["net"],
|
"net": query_params["net"],
|
||||||
"channel": query_params["channel"],
|
"channel": query_params["channel"],
|
||||||
"src": query_params["src"],
|
"source": query_params["source"],
|
||||||
"ts": f"{query_params['date']} {query_params['time']}",
|
"ts": f"{query_params['date']} {query_params['time']}",
|
||||||
"object_list": results["object_list"],
|
"object_list": results["object_list"],
|
||||||
"time": query_params["time"],
|
"time": query_params["time"],
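Review bot: Both hashing decisions in this view now depend on `query_params["source"]`, which is taken from `request.data`, and no check against the configured source list is visible in these hunks, whereas `query_results` tests `source not in settings.OPENSEARCH_MAIN_SOURCES`. A safe source skips `hash_lookup` and leaves `msg` as returned for users without `core.bypass_hashing`, so it is worth confirming that the context helper returns only documents of exactly that source. Computing the flag once after the mandatory fields have been checked (not visible here), `source_is_safe = query_params["source"] in settings.SAFE_SOURCES`, would keep the two sites from drifting apart and collapse the duplicated `SAFE_PARAMS = deepcopy(query_params)` branches. The method body starts and ends outside these hunks.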
|
||||||
|
|